Lucene search
K

75 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/03 6:12 p.m.10 views

CVE-2026-3494

In MariaDB server version through 11.8.5, when server audit plugin is enabled with serverauditevents variable configured with QUERYDCL, QUERYDDL, or QUERYDML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen — or hash style comments, the statement is...

5.3CVSS6AI score0.00274EPSS
Exploits1References2
OSV
OSV
added 2026/03/03 6:12 p.m.4 views

CVE-2026-3494 MariaDB Server Audit Plugin Comment Handling Bypass

In MariaDB server version through 11.8.5, when server audit plugin is enabled with serverauditevents variable configured with QUERYDCL, QUERYDDL, or QUERYDML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen — or hash style comments, the statement is...

5.3CVSS6.5AI score0.00274EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/03 6:12 p.m.6 views

CVE-2026-3494 MariaDB Server Audit Plugin Comment Handling Bypass

In MariaDB server version through 11.8.5, when server audit plugin is enabled with serverauditevents variable configured with QUERYDCL, QUERYDDL, or QUERYDML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen — or hash style comments, the statement is...

5.3CVSS6AI score0.00274EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/03 6:12 p.m.8 views

EUVD-2026-9311

In MariaDB server version through 11.8.5, when server audit plugin is enabled with serverauditevents variable configured with QUERYDCL, QUERYDDL, or QUERYDML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen — or hash style comments, the statement is...

5.3CVSS6AI score0.00274EPSS
Exploits1References1
CVE
CVE
added 2026/03/03 6:12 p.m.71 views

CVE-2026-3494

CVE-2026-3494 affects MariaDB Server (audit plugin) up to version 11.8.5. When the audit plugin is enabled and server_audit_events is filtered to QUERY_DCL/QUERY_DDL/QUERY_DML, an authenticated user issuing a SQL statement starting with -- or # may bypass logging, leading to incomplete audit reco...

5.3CVSS6AI score0.00274EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2026/03/03 6:12 p.m.3 views

CVE-2026-3494

In MariaDB server version through 11.8.5, when server audit plugin is enabled with serverauditevents variable configured with QUERYDCL, QUERYDDL, or QUERYDML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen — or hash style comments, the statement is...

5.3CVSS6.5AI score0.00274EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/03/03 6:12 p.m.6 views

CVE-2026-3494

In MariaDB server version through 11.8.5, when server audit plugin is enabled with serverauditevents variable configured with QUERYDCL, QUERYDDL, or QUERYDML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen — or hash style comments, the statement is...

5.3CVSS5.8AI score0.00274EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.10 views

MCP MariaDB Server 安全漏洞

MCP MariaDB Server is a server implementation of the MariaDB open-source large language model context protocol. Versions of MCP MariaDB Server 11.8.5 and earlier contain security vulnerabilities. These vulnerabilities arise when the server audit plugin is enabled and specific filtering events are...

5.3CVSS7.1AI score0.00274EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.6 views

PT-2026-22790

Name of the Vulnerable Software and Affected Versions MariaDB versions through 11.8.5 Description When the server audit plugin is enabled with the server audit events variable configured with QUERY DCL, QUERY DDL, or QUERY DML filtering, SQL statements prefixed with double-hyphen — or hash style...

5.3CVSS5.8AI score0.00967EPSS
Exploits1References65
Snyk
Snyk
added 2025/10/16 7:51 a.m.2 views

Malicious Package

Overview vite-audit-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2017-9676

Malware in sbrugna...

6.1CVSS6.3AI score0.00905EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-2344

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.01486EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-2572

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Audit Plugin. Supported versions that are affected are 5.7.28 and prior and 8.0.18...

4CVSS5.3AI score0.01305EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 4:13 a.m.9 views

CVE-2019-1003077

A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpldoTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS6.5AI score0.01486EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/09/12 12:0 a.m.5 views

The vulnerability of the audit plugin (of the TracePluginImpl class in the TracePluginImpl module) of the “Red Database” database management system allows a perpetrator to influence audit records.

The vulnerability of the audit plugin of the TracePluginImpl class within the TracePluginImpl module of the “Red Database” database management system relates to the possibility of assigning incorrect severity and facility parameters to certain events when these events are recorded in the OS syslo...

5.3CVSS5.5AI score
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.7 views

PT-2024-25544 · Weblizar · Weblizar School Management Pro

Name of the Vulnerable Software and Affected Versions: Weblizar School Management Pro versions through 10.3.4 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation...

7.6CVSS7.2AI score0.01094EPSS
Exploits1References9
OSV
OSV
added 2024/01/30 9:30 a.m.16 views

GHSA-V89Q-C273-3P42 Craft CMS Audit Plugin Cross Site Scripting vulnerability

Cross Site Scripting XSS vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation...

5.4CVSS5.4AI score0.0038EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/01/30 9:30 a.m.20 views

Craft CMS Audit Plugin Cross Site Scripting vulnerability

Cross Site Scripting XSS vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation...

5.4CVSS6.4AI score0.0038EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2024/01/30 9:15 a.m.31 views

CVE-2023-36259

Cross Site Scripting XSS vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation...

5.4CVSS5.4AI score0.0038EPSS
Exploits0References2
OSV
OSV
added 2024/01/30 12:0 a.m.20 views

CVE-2023-36259

Cross Site Scripting XSS vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation...

5.4CVSS6.1AI score0.0038EPSS
Exploits0References4
Rows per page
Query Builder